Password-Stealing Malware Hidden Within Steam Game

A game listed on the Steam store was discovered to contain password-stealing malware, leading to its removal from the platform. The game, PirateFi, appeared to be a survival game but was actually designed to install the Vidar infostealer, a type of malware that can steal passwords, session cookies, cryptocurrency wallet data, and other sensitive information.
Valve, the company behind Steam, took down the game after users reported suspicious activity, but not before it had been downloaded by as many as 1,500 players. According to cybersecurity researchers, PirateFi was never a legitimate game but rather a disguised delivery method for malware.
Marius Genheimer, a researcher with SECUINFRA, told TechCrunch that the game was built using a template called Easy Survival RPG, which allowed hackers to quickly create what appeared to be a functioning game with little effort. “It is highly likely that it never was a legitimate, running game that was altered after first publication,” Genheimer said.
The malware was embedded in a file named Howard.exe and was programmed to run in the background once the game was launched. The infection was first detected when some users’ antivirus software flagged the game as containing Trojan.Win32.Lazzy.gen, prompting further investigation.
Steam responded by sending alerts to affected users, advising them to scan their computers, change their passwords, and even consider a full reinstall of Windows. Reports also surfaced of a fake job offer associated with PirateFi: players were contacted through Telegram with an offer to become a chat moderator for $17 per hour.
The job offer was part of a social engineering scheme to lure more users into downloading the game. The messages sent by the supposed employer were automated, arriving exactly 21 seconds apart, which raised suspicions among recipients.
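The fixed 21-second spacing is the kind of timing regularity that gives an automated "recruiter" away. As an added illustration, not part of the original report, the script below checks a list of message timestamps for that pattern: it computes the gaps between consecutive messages and flags a conversation whose gaps barely vary. The timestamps are constructed for the example, not taken from the PirateFi case, and the 0.5-second tolerance is an assumed threshold.

```python
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample data (not from the article). AUTOMATED mimics a bot
# posting every 21 seconds; HUMAN mimics a person replying at irregular gaps.
AUTOMATED = [
    "2025-02-10T14:00:00", "2025-02-10T14:00:21", "2025-02-10T14:00:42",
    "2025-02-10T14:01:03", "2025-02-10T14:01:24", "2025-02-10T14:01:45",
]
HUMAN = [
    "2025-02-10T14:00:00", "2025-02-10T14:00:09", "2025-02-10T14:01:30",
    "2025-02-10T14:01:37", "2025-02-10T14:03:02", "2025-02-10T14:03:15",
]


def inter_arrival_seconds(timestamps):
    """Seconds between each consecutive pair of ISO-8601 timestamps."""
    times = sorted(datetime.fromisoformat(t) for t in timestamps)
    return [(later - earlier).total_seconds()
            for earlier, later in zip(times, times[1:])]


def looks_automated(timestamps, tolerance=0.5, min_messages=4):
    """Flag a conversation whose inter-arrival gaps are nearly constant.

    Returns (flag, mean_gap, gap_stdev). The flag is True when at least
    min_messages were seen and the population standard deviation of the
    gaps is within `tolerance` seconds (assumed threshold for this example).
    """
    gaps = inter_arrival_seconds(timestamps)
    if len(gaps) < min_messages - 1:
        return False, None, None
    mu = mean(gaps)
    sigma = pstdev(gaps)
    return sigma <= tolerance, mu, sigma


if __name__ == "__main__":
    for label, sample in (("automated", AUTOMATED), ("human", HUMAN)):
        flag, mu, sigma = looks_automated(sample)
        print(f"{label}: flagged={flag} mean_gap={mu:.1f}s stdev={sigma:.1f}s")
```

Regular spacing is a weak signal on its own: a bot can add jitter, and a human on a fixed reminder can look periodic, so treat the flag as one indicator to combine with the content of the messages (unsolicited pay offers, pressure to install something) rather than a verdict.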
Valve has not publicly commented on how the malware bypassed its security measures. A similar case (though not on Steam) involved a Super Mario 3: Mario Forever installer that hid malware capable of stealing credentials and disabling security tools.